Security would be much better, especially for mirrors, if the Zeroshell files were digitally signed or at least the md5/sha1 hash lists were. This is typical for all Linux distros. Currently there isn’t any way to verify if the ISOs and hash files have been replaced with malware.